This is an example how to do that on a Mac:
|
1 |
sudo keytool -import -noprompt -alias charles-$(date +%Y%m%d%H%M%S) -file "Downloads/charles-ssl-proxying-certificate.pem" -keystore "/Library/Java/JavaVirtualMachines/jdk-10.0.2.jdk/Contents/Home/lib/security/cacerts" -storepass changeit |
First you need to run charles and enable SSL proxying. The see which JDK is used by your application and add the certificate to the cacerts file:
|
1 2 3 4 5 6 |
curl -s http://ssl.charles/ --proxy 127.0.0.1:8888 > cert_file sudo keytool -import -noprompt -alias charles-$(date +%Y%m%d%H%M%S) \ -file cert_file \ -keystore /Library/Java/JavaVirtualMachines/jdk-10.0.2.jdk/Contents/Home/lib/security/cacerts \ -storepass changeit rm cert_file |
Ubuntu
First prepare the ubuntu machine by installing vino:
|
1 |
sudo apt install vino |
Then hit windows button and look for sharing. Configure the system to allow remote connections with given password.
You also need to disable encryption with:
|
1 |
gsettings set org.gnome.Vino require-encryption false |
MAC
Then you can access the machine from your Mac with Screen Sharing app with the url
|
1 |
vnc://<IP>:5900 |
To create a network bridge with netplan you have to create a file
|
1 2 3 4 5 6 7 8 9 10 11 |
network: version: 2 ethernets: enp6s0: dhcp4: true bridges: br0: interfaces: [enp6s0] dhcp4: true optional: false macaddress: <some mac> |
Make sure to place a mac address in and replace the interface name enp6s0 with yours.
Then run sudo netplan apply.
The machine gets a new IP from dhcp so make sure you have it configured in your dhcp before or have a local console 😉
Here a simple docker-compose.yml file to get kong community up and running. It is configured to use postgresql that persists data to a local docker volume. All ports are mapped to localhost only and log goes to stdout/stderr.
|
1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 19 20 21 22 23 24 25 26 27 28 29 30 31 32 33 34 35 36 37 38 39 40 41 42 43 44 45 46 47 48 49 50 51 52 |
version: '3.4' services: kong-db: image: 'postgres:10.1' ports: - 127.0.0.1:5432:5432 environment: POSTGRES_USER: kong POSTGRES_PASSWORD: kong POSTGRES_DB: kong PGDATA: /var/lib/postgresql/data/pgdata volumes: - db-volume:/var/lib/postgresql/data/pgdata healthcheck: test: 'echo "select 1" | psql -U kong kong || exit 1' interval: 1m timeout: 3s retries: 3 restart: unless-stopped kong: image: 'kong:0.11.2' ports: - 127.0.0.1:8000:8000 - 127.0.0.1:8443:8443 - 127.0.0.1:8001:8001 - 127.0.0.1:8444:8444 environment: KONG_DATABASE: postgres KONG_PG_HOST: kong-db KONG_PG_DATABASE: kong KONG_PG_USER: kong KONG_PG_PASSWORD: kong KONG_PROXY_ACCESS_LOG: /dev/stdout KONG_ADMIN_ACCESS_LOG: /dev/stdout KONG_PROXY_ERROR_LOG: /dev/stderr KONG_ADMIN_ERROR_LOG: /dev/stderr links: - kong-db # uncomment following line to run migrations for a new database # command: kong migrations up -v depends_on: - kong-db healthcheck: test: 'curl -f http://localhost:8001/status || exit 1' interval: 1m timeout: 3s retries: 3 restart: unless-stopped volumes: db-volume: |
Attention: The kong container fails to start unless migrations are not run on the connected database. To do this simply uncomment the marked line and start the containers. With the command set the container will execute database migrations and stop with exit code 0. After that the line can be commented out again. Then you can start kong with the given file.
When using IntelliJ IDEA with Spring Boot on a Mac make sure you have the entry
|
1 |
127.0.0.1 <hostname>.local |
in your /etc/hosts file. Replace <hostname> with your Mac’s name. Also make sure that the result of the command ‘hostname’ is in your /etc/hosts file as well pointing to your local address.
After years of development Oracle has released Java 9. It is available to download from the Oracle page as usual. Here is the EOL message for Java 8:
End of Public Updates for Oracle JDK 8
Oracle will not post further updates of Java SE 8 to its public download sites for commercial use after September 2018. Customers who need continued access to critical bug fixes and security fixes as well as general maintenance for Java SE 8 or previous versions can get long term support through Oracle Java SE Advanced, Oracle Java SE Advanced Desktop, or Oracle Java SE Suite. For more information, and details on how to receive longer term support for Oracle JDK 8, please see the Oracle Java SE Support Roadmap.
In my former post i described a way how to create self signed SSL certificates with an own certificate authority. These certificates didn’t work in latest chrome versions so I updated my scripts to create valid certificates for chrome. This time I only create wildcard certificates because creating one for every subdomain was annoying.
|
1 2 3 4 5 6 7 8 9 |
#!/bin/bash if [ -e ca.key ]; then echo "ca.key already exists" exit 1 fi openssl genrsa -out ca.key 4096 openssl req -new -x509 -days 3650 -key ca.key -out ca.crt \ -subj "/C=AT/ST=Vienna/L=Vienna/O=Coffeebeans/CN=Coffeebeans Domain Validation Secure Server CA/emailAddress=office@coffeebeans.at" |
|
1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 19 20 21 22 23 24 25 26 27 28 29 30 31 32 33 34 35 36 37 38 39 40 41 42 43 44 45 46 47 48 49 50 51 52 53 54 55 56 57 58 59 60 61 62 63 64 65 66 67 68 69 70 71 72 73 74 75 76 77 78 |
#!/bin/bash NAME=star.$1 if [ "star." == $NAME ]; then echo "usage: $0 <domain.name>" exit 1 fi if [ -e $NAME.key ]; then echo "$NAME.key already exists" exit 1 fi if [ ! -e ca.crt ]; then echo "no ca certificate created" exit 1 fi CONFIG=$(cat <<-EOF [ca] default_ca=CA_default [CA_default] dir=./ca database=\$dir/index.txt new_certs_dir=\$dir/newcerts serial=\$dir/serial private_key=./ca.key certificate=./ca.crt default_days=3650 default_md=sha256 policy=policy_anything copy_extensions=copyall [policy_anything] countryName=optional stateOrProvinceName=optional localityName=optional organizationName=optional organizationalUnitName=optional commonName=supplied emailAddress=optional [req] default_bits=4096 prompt=no default_md=sha256 req_extensions=req_ext distinguished_name=dn [ dn ] C=AT ST=Vienna L=Vienna OU=Domain Control Validated emailAddress=office@coffeebeans.at CN=*.$1 [ req_ext ] subjectAltName=@alt_names [ alt_names ] DNS.1=$1 DNS.2=*.$1 EOF ) # PREPARE echo "$CONFIG" > config.txt if [ ! -d ./ca ]; then mkdir -p ./ca/newcerts touch ./ca/index.txt fi openssl genrsa -out $NAME.key 4096 openssl req -new -key $NAME.key -out $NAME.csr -config config.txt openssl ca -create_serial -batch -in $NAME.csr -out $NAME.crt -config config.txt # CLEANUP rm -f *.csr config.txt chmod 644 *.key *.crt |
I also tried to use these certificates in postfix which did NOT work. To create files for postfix see my former post.
I tried to rim robo3t-1.1.1-linux-x86_64 downloaded from https://robomongo.org/ and got the following error when trying to run it:
|
1 2 3 4 5 6 7 |
This application failed to start because it could not find or load the Qt platform plugin "xcb" in "". Available platform plugins are: xcb. Reinstalling the application may fix this problem. Aborted |
Trying to install xcb via apt install xcb doesn’t change the behavior. Then I found a solution by removing all libstdc++* files from the lib directory in the extracted directory:
|
1 |
rm lib/libstdc++* |
Distributor ID: Ubuntu
Description: Ubuntu 16.04.3 LTS
Release: 16.04
Codename: xenial
Docker version 17.06.0-ce, build 02c1d87
openshift-origin-server-v3.6.0-c4dd4cf-linux-64bit
I followed the steps under https://docs.openshift.org/latest/getting_started/administrators.html#downloading-the-binary and got the error in the title. To fix this you have to add “–exec-opt native.cgroupdriver=systemd” to ExecStart of docker. The best way to do this is to add a addin file /etc/systemd/system/docker.service.d/override.conf with following content:
|
1 2 3 |
[Service] ExecStart= ExecStart=/usr/bin/dockerd -H fd:// --exec-opt native.cgroupdriver=systemd |
Then reload systemd and restart docker:
|
1 2 |
sudo systemctl daemon-reload sudo systemctl restart docker |